BLE Link Layer Security Features

When in a Bluetooth® Low Energy (BLE) connection, data within the payload can be encrypted, ensuring confidentiality of the data against attackers. Encrypted packets also include a message integrity check (MIC) value to authenticate the validity of a sender, as well as packet counters to prevent replay attacks.

The BLE Link Layer uses the AES-128 block cipher for authenticated encryption using Cipher Block Chaining-Message Authentication Code (CCM) Mode.

Basic Security Workflow in BLE

The BLE core specification defines rules and algorithms in the Security Manager (SM) and Generic Access Profile (GAP) layers to provide secure communications.

To keep it simple, when two devices who initially do not have security, wish to do something which requires security, the devices must first pair. This process could be triggered (for example) by a Client/Central/Master device that is attempting to access a data value (a "characteristic") on a Server/Peripheral/Slave that requires authenticated access.

Security modes and procedures are always deployed after a BLE connection is established. Discovery and Connection processes are always un-encrypted.

Pairing involves authenticating the identity of two devices, encrypting the link, and then distributing keys (for faster reconnection in the future, i.e. Bonding) used for encryption.

Please refer to the GAP Security Page for a detailed discussion on BLE security.

© 2016 Microchip Technology, Inc.
Information contained on this site regarding device applications and the like is provided only for your convenience and may be superseded by updates. It is your responsibility to ensure that your application meets with your specifications. MICROCHIP MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WHETHER EXPRESS OR IMPLIED, WRITTEN OR ORAL, STATUTORY OR OTHERWISE, RELATED TO THE INFORMATION, INCLUDING BUT NOT LIMITED TO ITS CONDITION, QUALITY, PERFORMANCE, MERCHANTABILITY OR FITNESS FOR PURPOSE. Microchip disclaims all liability arising from this information and its use. Use of Microchip devices in life support and/or safety applications is entirely at the buyer's risk, and the buyer agrees to defend, indemnify and hold harmless Microchip from any and all damages, claims, suits, or expenses resulting from such use. No licenses are conveyed, implicitly or otherwise, under any Microchip intellectual property rights.